I tend to make the local router the default route for PCs and servers, and have its default route as the firewall. This way the local traffic is handled by the Ciscos and the firewall isn't flooded with local traffic.
Hi all,
           Internet router
                 |
                 |
    -------- Firewall ------ DMZ
    |             |
    |             |
172.18.x.x   172.17.x.x ------- 172.30.1.x
All networks have a direct connection to the firewall, except for the 172.30.1.x network, which is offsite and connected via two Cisco 2500 series routers. The 172.30.1.x network can ping all firewall interfaces, the DMZ, and the 172.18.x.x network without a problem. When it tries to ping the 172.17.x.x network the requests time out. I'm assuming that this is happening because the request goes directly to the PC or server in question, but the reply has to go back through the firewall, which is the default gateway for the 172.17.x.x network, and the firewall does not like to get requests when it doesn't see the reply in the first place and drops it. Users have no problems connecting for files and such, just pinging, which we use for troubleshooting connectivity.

As a work-around I've created a static route on a server in the 172.17.x.x network that will respond directly to the 172.30.1.x network for troubleshooting. Is there another way around this via making a change to the firewall? Oh, we are running 4.1 SP2 on an NT4 SP6 box.
Thanks for any help,
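The path asymmetry described in the question, together with the two fixes discussed in the thread (a static route on the 172.17.x.x host, or the local router as the hosts' default gateway), modelled as a small added example. This is not code from either poster: the node names, the .10/.20 host addresses, the 10.0.0.0/30 link between the two Cisco routers and the simplified stateful-inspection rule (forward an echo reply only if the matching request was seen) are constructed assumptions.

```python
"""Toy model of the asymmetric-routing problem from the thread above (added
example, not the posters' code). Node names, the .10/.20 host addresses, the
10.0.0.0/30 router-to-router link and the firewall's one rule (forward a reply
only if the matching request was seen) are constructed assumptions."""
import ipaddress
from dataclasses import dataclass, field

IP, NET = ipaddress.ip_address, ipaddress.ip_network


@dataclass
class Node:
    name: str
    addresses: set          # IPs this node answers for
    routes: list            # (network, next hop name); next hop None = directly attached
    stateful: bool = False  # True for the firewall: it keeps a connection table
    state: set = field(default_factory=set)

    def next_hop(self, dst):
        """Longest-prefix match over this node's routing table."""
        best = None
        for net, hop in self.routes:
            if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
                best = (net, hop)
        return best


def owner(nodes, ip):
    """Name of the node holding address `ip`, or None."""
    return next((n.name for n in nodes.values() if ip in n.addresses), None)


def deliver(nodes, start, src, dst, kind):
    """Forward one packet hop by hop; returns (delivered, path of node names)."""
    cur, path = nodes[start], [start]
    for _ in range(16):                      # TTL guard against routing loops
        if dst in cur.addresses:
            return True, path
        if cur.stateful:                     # stateful inspection at the firewall
            if kind == "request":
                cur.state.add((src, dst))    # remember the flow it forwarded
            elif (dst, src) not in cur.state:
                path.append("DROP")          # reply to a request it never saw
                return False, path
        match = cur.next_hop(dst)
        nxt = None if match is None else (owner(nodes, dst) if match[1] is None else match[1])
        if nxt is None:
            path.append("NO ROUTE")
            return False, path
        cur = nodes[nxt]
        path.append(nxt)
    return False, path


def ping(nodes, src_ip, dst_ip):
    """Echo request src -> dst, then the echo reply dst -> src."""
    ok, out = deliver(nodes, owner(nodes, src_ip), src_ip, dst_ip, "request")
    if not ok:
        return False, out, []
    ok, back = deliver(nodes, owner(nodes, dst_ip), dst_ip, src_ip, "reply")
    return ok, out, back


def build(variant):
    """Thread topology; `variant` selects how the 172.17 server routes its replies."""
    any_net = NET("0.0.0.0/0")
    fw = [(NET("172.18.0.0/16"), None), (NET("172.17.0.0/16"), None), (NET("172.30.1.0/24"), "r17")]
    r17 = [(NET("172.17.0.0/16"), None), (NET("10.0.0.0/30"), None), (NET("172.30.1.0/24"), "r30"), (any_net, "fw")]
    r30 = [(NET("172.30.1.0/24"), None), (NET("10.0.0.0/30"), None), (any_net, "r17")]
    srv17 = [(NET("172.17.0.0/16"), None), (any_net, "fw")]      # poster's setup: firewall is default gateway
    if variant == "static_route":                                 # poster's work-around
        srv17.append((NET("172.30.1.0/24"), "r17"))
    elif variant == "router_default_gw":                          # the reply's recommendation
        srv17 = [(NET("172.17.0.0/16"), None), (any_net, "r17")]
    nodes = [
        Node("fw", {IP("172.18.0.1"), IP("172.17.0.1")}, fw, stateful=True),
        Node("r17", {IP("172.17.0.2"), IP("10.0.0.1")}, r17),
        Node("r30", {IP("10.0.0.2"), IP("172.30.1.1")}, r30),
        Node("srv17", {IP("172.17.0.10")}, srv17),
        Node("srv18", {IP("172.18.0.10")}, [(NET("172.18.0.0/16"), None), (any_net, "fw")]),
        Node("pc30", {IP("172.30.1.20")}, [(NET("172.30.1.0/24"), None), (any_net, "r30")]),
    ]
    return {n.name: n for n in nodes}


if __name__ == "__main__":
    pc = IP("172.30.1.20")
    for variant, target in (("firewall_default_gw", "172.18.0.10"), ("firewall_default_gw", "172.17.0.10"),
                            ("static_route", "172.17.0.10"), ("router_default_gw", "172.17.0.10")):
        ok, out, back = ping(build(variant), pc, IP(target))
        print(f"{variant:20} -> {target}: {('ok' if ok else 'FAIL'):4} "
              f"request {' > '.join(out)} | reply {' > '.join(back)}")
```

Running it walks the four cases: the 172.18.x.x ping works because both directions cross the firewall, so its connection table has the request when the reply arrives; the 172.17.x.x ping fails in the poster's setup because the request reaches the server straight from the local router while the reply goes to the server's default gateway, the firewall, which has no matching entry and drops it. The static-route and router-as-default-gateway variants keep the reply on the router path, which is why both fixes work and why the second one also spares the firewall the local traffic.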